Gautam S. Mengle is a seasoned journalist based in Mumbai, India, with over 15 years of experience in the field. Starting his career as a crime reporter, Gautam has remained connected to the crime beat while carving out a significant niche for himself in the realms of cybercrime and cybersecurity reporting over the last decade. His in-depth knowledge and expertise have established him as a respected authority on these critical issues.
In addition to his work as a journalist, Gautam serves as a consultant and advisor to individuals and organizations, providing insights and strategies to navigate the complex landscape of cyber threats. His expertise is frequently sought after, with his opinions and analyses regularly quoted in news articles by his peers.
Gautam’s dedication to raising awareness about cybercrime and cybersecurity is not just a professional endeavor but a passion project. He is deeply committed to educating the public about the pervasive risks that exist in the digital world, believing that society still has a long way to go in understanding and mitigating these threats. Through his work, Gautam continues to drive the conversation on cybersecurity, making the internet a safer place for all.
Opening Remarks
Welcome and introduction of the expert
I began my career in 2008, at a time when the criminal underworld in Mumbai was undergoing a paradigm shift in terms of its operations and head honchos shifting overseas. With organized crime moving behind the curtains, I was in a position to observe and map the rise and evolution of cybercrime over the years. It soon became something akin to obsession and led to me getting interested in cybersecurity as well.
Today, 15 years and seven newsrooms later, I am still learning, still assimilating and still chronicling the evolution of threats on the internet with as much passion as I had when I first started this journey around eight years ago, when I wrote my first article on cybersecurity and moved beyond the traditional definition of being a crime reporter.
Brief overview of the topic: “Why Are Lakhs of People Still Falling Prey to Cybercrime Despite Authorities Claiming to Conduct Intensive Awareness Campaigns?”
Every day, the news is filled with cases of people losing millions of rupees to cybercrimes. The stories are nearly the same – the cybercriminals used certain lures, sent bogus links, hacked social media or bank accounts and decamped with fat amounts of money.
The one question on one seems to be asking is, why? Why are cybercrimes not just happening but also on the rise? And what more can be done to combat them? Because what we are already doing is clearly not enough.
Section 1: Understanding the Cybercrime Landscape
Q1: Despite numerous awareness campaigns, why do you think so many people continue to fall victim to cybercrime?
There are several factors. The profile of cybercriminals has changed over the years. They are no longer semi-literate men sending cold-emails by the hundreds every day. Many of the accused we see today after educated and have a better understanding. As a result, social engineering has become finer as an art. Impersonation has become easier. Plus, we have AI now. Earlier, faulty grammar and syntax used to be the one sureshot way of spotting a phishing email. Today, ChatGPT irons out the errors.
At the same time, awareness among the people is very, very low. They don’t even read a URL before opening a link sent to them via WhatsApp. A simple act – like someone claiming to be a police officer over a video call – does not trigger alarm bells in their heads. Two days before this interview, I was consulted by someone whose female friend was made to strip on camera by a cybercriminal posing as an officer with the Indian Customs department.
Q2: Can you explain the most common types of cybercrimes that people are currently falling prey to? Are there specific demographic groups that are more vulnerable?
The most common cybercrimes I am seeing currently are impersonation of police officers, bogus investment scams, social media account hacking and sextortion.
- Impersonation of police officers is done by calling up the targets and telling them that a package was sent via courier in their name/addressed to them and it has been found to contain contraband. Once the target is scared, the ‘cop’ makes a video call to show them a bogus ID card and proceeds to milk them dry for every penny they have in the name of ‘charges’, ‘fines’ or ‘bribes’ and, in a latest and disturbing trend, makes female victims indulge in explicit acts on camera.
- Investment scams start either with part time job offers or offers of advise when it comes to the stock market. In both of these, the initial lure is put out via paid ads on Facebook, Instagram and WhatsApp. Once the target has taken the bait, they are told about schemes that can supposedly double their money. Only, the money is actually going to the cybercriminals’ accounts.
- Social media account hacking is a serial crime. A bogus profile is made in the name of a woman, using attractive pictures from the internet. This profile starts following you and lures you by posting day and night about their ‘affluent lifestyle.’ At some point you get curious and ask about the source of income, and they talk you into ‘investing in cryptocurrency just like they did’ .These same people also send you phishing links to hack your accounts, and post similar lures from your account as well. This scam is also known as pig-butchering.
- Sextortion starts with a friend or follow request from a female profile, quickly moves to explicit chats and then a video call. This ‘woman’ is actually a man who records you in compromising positions and then proceeds to blackmail you.
Q3: How do you assess the current state of cybersecurity awareness among the general public? Is there a significant gap between awareness and actual safe practices?
Well, I can tell you that 90 per cent of the people who approach me for help after falling prey to cybercrimes don’t even know about the Indian National Cyber Crime Reporting Portal. This is actually a very effective mechanism where you can register your complaint online and large amounts of money have actually been recovered because complaints were filed here immediately. But most of the people I talk to don’t seem to be aware of it. I don’t think there can be a bigger gap than this.
Section 2: Effectiveness of Awareness Campaigns
Q4: Authorities claim they are conducting intensive awareness campaigns. In your opinion, what are the key reasons these campaigns are not yielding the desired results?
Let’s answer this question with an example. Suppose I live with my 75-year-old father, who only watches limited programs on television, does not listen to the radio, does not surf the internet and prefers calls over text messages because he can’t be bothered to put on his glasses every time. Effectively, this means he has limited exposure to television advisories against cybercrime, none to those on radio, none to those on social media and very little to SMS-based advisories.
The point I am trying to make is that awareness campaigns might be creative and you might be spending a lot of money on them, but not all of it is reaching your target audience. What, then, is the use?
Q5: How do you measure the effectiveness of a cybersecurity awareness campaign? What indicators suggest that a campaign is successful or failing?
As I said earlier, I’d like to see everyone be aware of the National Cyber Crime Reporting Portal first. We can talk about the other stuff later. Around 50 per cent of the people who approach me waste precious time running investigations of their own, trying to find details of the cybercriminals using TrueCaller or other such software. The one single message – File an online complaint as soon as you lose money to a cybercrime because there is massive scope to freeze and reverse the transaction within the first couple of hours – has not reached the masses yet. The day it does, I shall call the current awareness efforts successful.
Q6: Do you believe the content and delivery methods of these campaigns are tailored effectively to the needs and understanding levels of different populations?
No, they are not. And they need to be. And this is where not just the authorities, but even the other stakeholders come in. Social media platforms need to use their algorithms to push advisories and warnings to their users’ timelines more than paid ads. Banks needs to go beyond wagging their finger sternly and telling people not to share OTPs. It’s been years since we first saw the emergence of malware that can intercept your incoming SMS and read your One Time Passwords. It’s clearly time to move beyond 2FA as a security measure. By not acknowledging these threats, you are keeping your customers in the dark and exposing them to clear and present danger.
Section 3: Behavioral and Psychological Factors
Q7: Are there psychological or behavioral factors that contribute to why people continue to fall for cyber scams, even when they are aware of the risks?
There is always a psychological factor. Investment or part time job scams thrive on the desperation of those from low income groups, as do predatory loan apps. Impersonation-based cybercrimes are so successful because of the fear factor in the minds of the common man. Sextortion thrives on the male instinct to pounce at the first hint of attachment-free sex, be it in person or on video.
Q8: How does the human element—such as trust, fear, or urgency—play a role in the success of cybercriminals?
As discussed in the earlier answer, the human element is the backbone of all cybercrime. You can have a ten foot thick steel door guarding your money, but the door is only as strong as the person holding the key. A lot of cybercrime is dependent on human weakness.
Q9: What steps can be taken to change user behavior in a way that better aligns with the advice given in awareness campaigns?
In cybersecurity, we call it a Zero Trust Policy. User behavior needs to be aligned to automatically distrust every call, message or email they receive, so that they triple check and verify carefully. The genuine ones will stand the tests of verification and the user will be much safer than they are today.
Section 4: Technological and Educational Gaps
Q10: To what extent do technological literacy and access to secure technology influence an individual’s vulnerability to cybercrime?
Access to secure technology would still be dependent on the user but technological literacy would definitely contribute towards better safeguarding against cybercrime. People need to be aware of the threats around them in order to be able to combat them effectively.
The same is also true for cybersecurity. Say the word ‘malware’ in front of the average common man and watch their face go blank. Most people don’t know what vulnerabilities are and how they are patched. Yet, these are the issues that are directly relevant to them and the security of their money and data.
Q11: Are there educational gaps that need to be addressed to make people more resilient against cyber threats? What role should schools and universities play?
I have been a visiting faculty at several colleges so far and not one of them has a dedicated module or course on cybercrime awareness and prevention. It is past high time for us to have this in our curriculum, from a very young age. Children are targets for online predators right from the time they start using the internet but there are scant efforts to safeguard them.
Q12: How can technology be leveraged more effectively to protect those who are less tech-savvy or are not regular users of digital platforms?
Well, the less tech-savvy will simply have to learn, because the best way to defeat your enemy is to know your enemy. For better or for worse, this becomes the responsibility of the more tech savvy among us. We shall have to educate our children, our elderly and everyone around us to be more aware and safer from cybercrimes.
And if these groups do not use the interent enough, it is time to go back to the basics. Go door to door, distribute pamphlets in several languages, hold awareness sessions in residential buildings. The whole nine yards.
Section 5: Strategies for Improvement
Q13: What strategies would you recommend to enhance the effectiveness of current awareness campaigns?
Evaluate and evolve. Find out the people you are still not able to reach through your campaigns. Find out why that is so. Fill those gaps. From my point of view as the chronicler of cybercrimes, I can only recommend this. The exact steps are not for me to preach or teach; the authorities are the experts in that. But I can tell you there are people, too many of them, who are far too unaware for us as a system to be okay with it.
Q14: Should there be a greater emphasis on collaboration between government bodies, private companies, and the community in combating cybercrime? If so, how?
Absolutely yes. In every way possible. Government has the knowledge and the authority, private companies have the money and communities have the reach. Imagine the results of we had more collaborations between these three.
There is no one single entity at fault here; all three have their own limitations. But together, they can work wonders. Imagine a detailed advisory on sextortion, made on data put together by the police, by an ad agency hired by a corporate house, recommended by community leaders across the country. Now imagine 100 such advisories.
Q15: Looking forward, what innovations or new approaches do you think will be critical in reducing the number of people falling victim to cybercrime?
I can not say this enough: AI. We’re already seeing photo, video and audio deepfakes being used in cybercrimes. With time, they shall only become more convincing. We need to leverage the same technology to bust cybercrimes, to identify deepfakes and spot phishing emails and so on and so forth. And all of these tools need to be freely available to all.
Section 6: Final Thoughts
Q16: What message would you like to share with authorities who are responsible for cybersecurity awareness, and with the general public who are the targets of these campaigns?
Honestly, my heart goes out to them because I’ve seen them grappling with issues as ridiculous as faulty internet routers in this day and age. I sincerely hope they get all the resources they need and more, so that they have enough wherewithal to combat the ever-increasing menace of cybercrimes, both in terms of prevention and detection.
It would also help if they looked at people like me as allies rather than adversaries. When I’m pointing out the gaps in their efforts, I am only doing it so that they may fill up those gaps and safeguard the interests of the common man. We all have our roles assigned to us. I am simply playing mine and requesting them to play theirs.
Q17: In an ideal scenario, how would you envision the public’s response to cyber threats five years from now?
In an ideal scenario, I’d envision every citizen being extremely suspicious of every call, message and email, using strong passwords that are changed every three months, and inculcating health habits like checking online data leak repositories regularly to see if their passwords or other data is compromised.
That’s right, there are websites that collate leaked data of citizens. But how many of us are even aware that these websites exist?
Q18: Is there anything else you’d like to add about the ongoing efforts to protect people from cybercrime, or any advice you’d like to give?
Basics. Keep your phones and computers updated. Take a break from Instagram Reels and read up on cybercrimes every day for half an hour. Trust no one with your money or data. Anything that seems too good to be true, is probably just that. And report all crimes to the authorities immediately.
Security, whether physical or online, is a collaborative effort and no one plays a bigger role in it than the intended targets themselves.
Conclusion: Thank you for taking the time to share your expertise with our readers. Your insights will greatly contribute to the understanding and advancement of “”Why Are Lakhs of People Still Falling Prey to Cybercrime Despite Authorities Claiming to Conduct Intensive Awareness Campaigns?”.